Darshan I/O profiler MCP server for analyzing I/O trace files
{
"mcpServers": {
"hdf5-mcp": {
"args": [
"clio-kit",
"mcp-server",
"hdf5"
],
"command": "uvx"
},
"slurm-mcp": {
"args": [
"clio-kit",
"mcp-server",
"slurm"
],
"command": "uvx"
},
"pandas-mcp": {
"args": [
"clio-kit",
"mcp-server",
"pandas"
],
"command": "uvx"
}
}
}Darshan I/O profiler MCP server for analyzing I/O trace files
Is it safe?
No known CVEs for uv. 3 previously resolved.
No authentication — any process on your machine can connect.
License not specified.
Is it maintained?
Last commit 38 days ago. 24 stars.
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx uv 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
This server is missing a description. Tools and install config are also missing.If you've used it, help the community.
Add informationLast scanned 2h ago
No open vulnerabilities. 3 fixed CVEs.
CVE-2025-13327Fixeduv allows ZIP payload obfuscation through parsing differentials
### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur
GHSA-w476-p2h3-79g9Fixeduv has differential in tar extraction with PAX headers
### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:
CVE-2025-54368Fixeduv allows ZIP payload obfuscation through parsing differentials
## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.